Viruses outrun PC protection

October 16, 2003|By Doug Bedell | Doug Bedell,KNIGHT RIDDER/TRIBUNE

After the worst month in history for Internet infections, here's good news. If you use one of the most popular anti-virus programs and keep it updated, nearly 100 percent of the known computer bugs can be detected and squashed.

The bad news is that it won't matter. Some infections will spread so fast that users won't be able to update their virus definitions in time to avoid calamity, experts say.

Even so, security companies are constantly improving their anti-virus programs. Many analysts predict that it won't be long before consumers spend more on security than they do on computer hardware.

Malware - software or files created to do harm - and new worms built along the lines of Blaster and Slammer are attacking with increasing speed. These are reason for worry. Of the systems that the Slammer worm hit this year, 90 percent were struck within 10 minutes of its release.

And the frenetic traffic they can generate can cripple communications. At its height in August, the Sobig-F worm created as much as 73 percent of all e-mail flying across the Internet, according to some estimates.

"Such threats require entirely new proactive systems to stop them, as no entirely reactive infrastructure will ever be fast enough to protect against threats spreading at these speeds," John Schwarz, president of Symantec Corp., told a congressional subcommittee. last month. The next major Internet infection, he said, may take only seconds to install itself in every unprotected computer.

That's fatalistic talk from a guy whose company makes Norton Antivirus, one of the top sellers in an expanding industry.

Intrusion detection systems, firewalls, spyware and adware detectors are being rolled out in combinations to help plug the holes and shore up defenses.

If you spend enough time and money on these products, you can almost feel safe on your home broadband connection.

"With the advent of these blended threats, it's really more than just anti-virus these days," said Symantec product manager Anson Lee. "We've always talked about the need for multiple layers of protection. Anti-virus is very important as a foundation. But it does require that we have other tools, like personal firewalls and intrusion detection."

That's why market analysts such as IDC predict the anti-virus software market will grow from $2.2 billion last year to $4.4 billion in 2007.

We're always going to need foundation programs to protect our computers from known enemies. We're always going to have to buy yearly subscriptions to keep definitions up to date. And we're going to be forced to get the new security products as the landscape constantly shifts.

Determining which is most effective is not easy. PC World magazine recently teamed with AV-Test.org to test the leaders.

Reassuringly, the six products mentioned above were nearly 100 percent effective in detecting and eradicating known viruses and malware. Panda Software turned in the lowest score for detection at 96.4 percent.

But exact matches are the easiest to detect. Most anti- virus programs also try to identify new threats by looking for files that act similarly to known malware. PC World examined that performance with tests using virus definitions that were 3 and 6 months old. And that's where big differences emerged.

Results also varied when comparing the ability of these programs to peer inside compressed or archived files. They ranged from a low of a 60 percent detection rate for Norton Antivirus 2003 to more than 90 percent for Panda.

PC World concluded that Symantec's product was the best buy. But opinions on the subject vary depending on the examination criteria.

At the independent research labs of Software-Antivirus.com, Kaspersky Anti-Virus got the highest rating. Testers praise Kaspersky's product as the best in detection rates among all major anti-virus programs.

One thing seems certain: As anti-virus programs handle more security chores, the price for peace of mind is heading up.

For example, Symantec's newest release, Norton Antivirus 2004 ($50 list price) can warn users if their hard drives contain adware, spyware, keystroke loggers or other "hack tools." The price of keeping the software updated with an annual subscription will rise $5 to $19.95 after the first year, which is included with the purchase.

And, Symantec is adding product activation restrictions to its anti-virus package, so users will find it harder to save money by installing one copy on multiple machines.

To Lee, the new pricing reflects the importance of anti-virus software in an atmosphere of rising danger. "Users are really expecting us to do more than just worms and viruses and Trojan horses," he said.